BitLocker on Win 8 Pro x64

Hello,

I have almost no knowledge of BitLocker. I am considering using it on my system as an added layer of security. Since I have almost no knowledge of BL, I am looking for the members here at Wilders to help me make an informed decision as to whether I use it or not. Any opinions and/or experiences will be most welcome and appreciated. The main reason I am considering BL is I have not personally seen too very many "horror" stories about it. Other software such as TrueCrypt seem to be a bit more involved both in installing, setting up, and maintaining. I have also seen many "horror" stories, mostly involving corruption and trying to restore things back to a normal state. I have heard of too many having to start over with TrueCrypt. Now do not get me wrong as I am sure TC is a great product, but I do not want to spend much time in installing, setting up, maintaining, or having to deal with problems. Believe me, if it can get messed up, I will do it.

Some of my questions I have now at this moment:

• Is BL easy to set up and use?
• How does it affect system performance?
• Does it affect imaging as far as backup and restoring?
• From an operational and system viewpoint, once setup and running, can I tell any difference in how my system works or functions?
• Is the setup process easy and foolproof?
• Once setup and running, is it pretty much forget it after that point or does it require much maintenance?
• How will BL affect my defragmentation processes, if at all?
• What are the advantages of using BL?
• What are the disadvantages of using BL?
• Are there any quirks or warnings I should know about BL and if so, what is the best ways to avoid them?

These are the questions that I have running around inside my head at the moment. I am sure I will have more, especially as I start getting some feedback.

Basically I want something that I can set up easily, is easy to use, takes little or no maintenance, and once up and running I can tell no difference in my system. I want it to be stable and reliable, and pose very little (preferably none) problems throughout my normal daily computer usage.

I hope some of you are familiar with BL and some of you have either used it or are currently using it. I do not want too make headaches for myself by trying to implement BL or during its usage. Thanks to all for your help in answering my questions and deciding whether BL is for me.

 

Yes, very.

On a modern system it should be a single digit (0-9%) performance hit for average users, low double digits for servers.

Not sure, probably.

It's almost entirely invisible - the only time you'll see it is at bootup.

Mostly. Two key things:

1) Don't use special ASCII symbols, you can set the password with one but you can't enter it. You will be locked out of your system.

2) It saves a keyfile that will unlock the drive. I suggest either keeping it on a USB that you know you can secure or destroy the file.

Not sure. Good question.

If the device is off an attacker with physical access will need your passphrase to read or tamper with any of the data.

Dual booting with other OS's is difficult/impossible. Slight performance hit, can be more depending on workload.

Again, don't enter a special character. You will be locked out.

 

Hello,

Thanks Hungry Man for your response. It answered a lot of my questions.

I am having another concern at the moment. From when I made the original post and by the number of views, I can make a very basic assumption that not many people use BitLocker. A very rudimentary guess based on the statistics of this thread so far would be that a very low percentage (perhaps as low as one percent or less) of people use BL. Should this be a cause for concern? Possibly depending on the reasons why, such as they have tried it and it caused problems or they just did not like it, or maybe just not that many have actually tried BL.

Not taking the above into consideration, I have three questions about BL left before I actually decide whether to proceed and give BL a try.

• Does defragmentation adversely affect BL in any way? I would like to continue using PerfectDisk 12.5 but want to be sure of no bad effects in doing so.
• Can I still do my imaging and restoring in the same manner as I have been without BL. I use IFW live in Windows, and also by bootable USB to the Windows RE and booting directly to the Windows RE from Windows.
• The best I have determined is that BL alters the MBR, at least initially when it is installed. I use AppGuard which has an MBRGuard component. I am fairly certain then that I would need to disable MBRGuard during install/setup of BL. After that, would I be able to enable MBRGuard again and use its protection without any problems with BL?

It is a bit disheartening and makes me a bit weary that I have no more response to my thread than I have. It does make me hesitant to give BL a try but if I could get definitive answers to the above questions and they are positive, I will give BL a shot.

I look forward to any experiences at all, good or bad, that any of you are willing to take the time to share. Again, thanks in advance...

 

Unfortunately I cannot answer your good questions however I can give a general feedback about Bitlocker even if on W7 64bit.
After some years of using Truecrypt I am now trying bitlocker. I have just encrypted a new HDD partition plus an external HDD.
I changed the encryption from the default AES 128 bit to AES 256 bit.
The HDD partition is much more easy to handle than when truecrypted, because on windows explorer shows up as a disk "D" (while TC showed up D but also the real partition, for example E).
Now, since the PC is not mine but given to me by my employer, they are also going to install tomorrow McAfee End Encryption, to encrypt the whole system.
I am curios to see if this will encrypt only C or also partition D (I do not think so, but I am not sure...)

 

@dogbite - Thanks for replying. Did BL use a lot of resources or CPU? Did you notice any slowdowns or could you tell BL was running?

 

not at all.
Unfortunately today I had to remove encryption because it's not compatible with McAfee Endpoint Encryption which is gonna be deployed as system encryption by the company I work for.
But after McAfee is installed I can encrypt again my D partition.
On other words, the issue is when installing Mcafee. Once installed I can encryt back with bitlocker.

In this process, I learnt another advantage vs Truecrypt: you can decrypt the HDD without losing any data and without the need of copying all the data to another drive to avoid losing it (since Truecryt decription is not other than a new formatting of the HDD).